Lab: Perform NFS Enumeration using RPCScan and SuperEnum

1. Introduction

This lab explains how to perform NFS Enumeration using RPCScan and SuperEnum. It is designed for beginners and advanced students in cybersecurity, penetration testing, and ethical hacking.

The goal is to understand how attackers discover shared files and services and how organizations can protect sensitive data.

2. Scenario Description

CodeStream Innovations relies on a Network File System (NFS) server to share proprietary source code, project documentation, and team resources.

The company fears that misconfigured NFS permissions may allow attackers to access confidential files or spoof trusted client IP addresses.

As a Certified Ethical Hacker (CEH), your task is to simulate a real attack scenario and evaluate the risk level.

3. What is NFS?

Network File System (NFS) allows computers to access files over a network as if they were stored locally. It is commonly used in Linux and UNIX environments.

Important Ports:

• 111 – RPC / Portmapper
• 2049 – NFS Service

4. Objectives of This Lab

• Detect NFS services on a target system
• Enumerate RPC services
• Identify open NFS ports
• Assess exposure of shared directories
• Understand spoofing and misconfiguration risks

5. Lab Environment

• Target OS: Windows Server 2025 (with NFS enabled)
• Attacker OS: ParrotOS (or Kali Linux)
• Target IP: Use your own VM IP (example: 192.168.56.106)

6. Enabling NFS on Windows Server 2025

Step-by-Step

1. Start Windows Server 2025
2. Open Server Manager
3. Click Add roles and features
4. Click Next until Server Roles
5. Expand File and Storage Services
6. Select Server for NFS
7. Click Add Features
8. Click Install
9. Wait for completion and click Close

This enables the Windows server to act as an NFS server.

7. Detecting NFS Using Nmap

Switch to ParrotOS (or Kali Linux).

nmap -p 2049 [Target-IP]

If port 2049 is open, the NFS service is active.

8. NFS Enumeration Using SuperEnum

8.1 Install SuperEnum

git clone https://github.com/p4pentest/SuperEnum.git

8.2 Navigate to Directory

cd SuperEnum

8.3 Create Target File

echo "192.168.56.106" >> Target.txt

This file stores target IP addresses. Multiple targets can be added.

8.4 Run SuperEnum

chmod +x superenum
./superenum

8.5 Provide Target File

Enter IP List filename: Target.txt

SuperEnum scans all major ports including NFS (2049).

9. NFS Enumeration Using RPCScan

9.1 Install RPCScan

cd ..
git clone https://github.com/hegusung/RPCScan.git

9.2 Navigate to RPCScan

cd RPCScan

9.3 Run RPCScan

python3 rpc-scan.py [Target-IP] --rpc

This command enumerates RPC services including NFS.

10. Security Risks Identified

• Unauthorized access to source code
• Exposure of internal documents
• IP spoofing attacks
• Privilege escalation
• Data leakage

11. Mitigation Measures

• Restrict NFS access by IP
• Disable anonymous access
• Use read‑only permissions
• Segment NFS servers
• Monitor RPC and NFS logs

12. Conclusion

This lab demonstrated how attackers and ethical hackers use RPCScan and SuperEnum to enumerate NFS services.

Understanding these techniques allows organizations to secure file‑sharing systems, protect intellectual property, and prevent unauthorized access.

NFS Enumeration is not about hacking — it is about defense through understanding.

Prepared for Educational Use

Cybersecurity | Ethical Hacking | Network Security